This document discusses communications data retention and access in the context of an evolving internet. It outlines key issues including how data retention is being used and whether it is proportionate given changing internet usage patterns and surveillance techniques. The document also examines recent court decisions questioning data retention and proposes ways to update requirements to balance law enforcement needs with privacy protections.
Transatlantic data flows following the Schrems II judgmentblogzilla
Brief summary of Ian Brown and Douwe Korff’s study for the European Parliament Civil Liberties Committee, presented at a committee hearing on 9 November 2021
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...APNIC
APNIC General Counsel Craig Ng discusses legal cooperation to overcome jurisdictional and territorial limits in cybercrime investigations at the 33rd TWNIC IP OPM in Taipei, Taiwan, on 5 December 2019.
Transatlantic data flows following the Schrems II judgmentblogzilla
Brief summary of Ian Brown and Douwe Korff’s study for the European Parliament Civil Liberties Committee, presented at a committee hearing on 9 November 2021
33rd TWNIC IP OPM: Legal cooperation to overcome jurisdictional and territori...APNIC
APNIC General Counsel Craig Ng discusses legal cooperation to overcome jurisdictional and territorial limits in cybercrime investigations at the 33rd TWNIC IP OPM in Taipei, Taiwan, on 5 December 2019.
New Media Internet Expression and European Data ProtectionDavid Erdos
These slides are based on my keynote address to the Maison Française d'Oxford conference "Data Privacy Law: Policy and Legal Challenges", 20 November 2015. Drawing on both doctrinal analysis and a survey of European Data Protection Authorities (DPAs) it makes four key claims about law and practice as entrenched in C-131/12 Google Spain (2014). Firstly, both the Court of Justice and especially European DPAs have adopted an expansive interpretative stance as regards data protection applied to internet expression. Secondly, that paradigm has serious implications for a range of internet actors beyond search engines. Thirdly, enforcement has been both limited and sporadic. Fourthly, a focus by DPAs on enforcement can result in the production of detailed guidance which "reads down" the law and therefore is some tension with the expansive interpretative stance generally adopted, the implementation of the Google Spain decision against search engines being a case in point.
Data Protection and Journalism: The Changing LandscapeDavid Erdos
These slides provide an overview of the changing landscape for data protection and journalism in decade or so since the Leveson Inquiry. As well as detailing the core public interest and incompatibility tests, they look at developments in case law, at the ICO and under the GDPR and DPA 2018. They are intended to provide background to the ICO consultation on a data protection and journalism code of practice which runs until 10 January 2022.
Data Protection and Academia: Fundamental Rights in ConflictDavid Erdos
This keynote talk to Norwegian National Conference on Research Ethics on 18 September 2018 explored the tension between European data protection norms and the nature of much of academic work, focusing on problems as regards the basic model of data management, the notion of critical inquiry and the need in some circumstances to resort to covert methods. It argued that the "historical and scientific research purposes" provisions in Article 89 of the GDPR largely fail to address these difficulties and stressed the centrality of the protections for "academic expression" including alongside journalism in Article 89 which is correctly predicated on reconciling data protection with the fundamental right to freedom of expression.
See https://i4ada.org for additional information and videorecordings of the presentations held at the Hague Summit for Accountability in the Digital Age
EU General Data Protection Regulation & Transborder Information FlowDavid Erdos
These slides are based on the talk I gave to the Wisconsin International Law Journal's Annual Symposium "Stamping Privacy's Passport? The Role of International Law in Safeguarding Individual Privacy" (Wisconsin, USA; 8 April 2016). This talk argued that European data protection's formal understanding of transborder data flow regulation (TBDF) is not only potentially very broad but has not appropriately balanced data protection against other key rights such as freedom of information and association. Many of these existing structural difficulties are exacerbated under the newly agreed General Data Protection Regulation (GDPR). In order to better reconcile the values at stake, Data Protection Authorities (DPAs) should also develop models to "authorize" low-risk TBDFs via self-certification by data controllers themselves. Member States should also make broad use of the derogations the Regulation leaves available. More generally, a contextual, risk-based interpretation of the GPDR must be developed which seeks to provide robust privacy and other individual safeguards without putting in jeopardy Europe’s other core values and liberties.
The power of FOI generated stories and campaigns: Krisztina Zala, Atlatszo, H...mysociety
Presented at AlaveteliCon 2019 in Oslo. More details of the conference can be found here: https://www.mysociety.org/transparency/alaveteli/alavetelicon-2019/
The GDPR: What About Data Stored or Transmitted Outside the EU?TAG Alliances
The General Data Protection Regulation (GDPR): What About Data Stored or Transmitted Outside the EU? Written by: Rutger Ketting of Nysingh advocaten-notarissen N.V. (Apeldoorn, The Netherlands - TAGLaw).
New Media Internet Expression and European Data ProtectionDavid Erdos
These slides are based on my keynote address to the Maison Française d'Oxford conference "Data Privacy Law: Policy and Legal Challenges", 20 November 2015. Drawing on both doctrinal analysis and a survey of European Data Protection Authorities (DPAs) it makes four key claims about law and practice as entrenched in C-131/12 Google Spain (2014). Firstly, both the Court of Justice and especially European DPAs have adopted an expansive interpretative stance as regards data protection applied to internet expression. Secondly, that paradigm has serious implications for a range of internet actors beyond search engines. Thirdly, enforcement has been both limited and sporadic. Fourthly, a focus by DPAs on enforcement can result in the production of detailed guidance which "reads down" the law and therefore is some tension with the expansive interpretative stance generally adopted, the implementation of the Google Spain decision against search engines being a case in point.
Data Protection and Journalism: The Changing LandscapeDavid Erdos
These slides provide an overview of the changing landscape for data protection and journalism in decade or so since the Leveson Inquiry. As well as detailing the core public interest and incompatibility tests, they look at developments in case law, at the ICO and under the GDPR and DPA 2018. They are intended to provide background to the ICO consultation on a data protection and journalism code of practice which runs until 10 January 2022.
Data Protection and Academia: Fundamental Rights in ConflictDavid Erdos
This keynote talk to Norwegian National Conference on Research Ethics on 18 September 2018 explored the tension between European data protection norms and the nature of much of academic work, focusing on problems as regards the basic model of data management, the notion of critical inquiry and the need in some circumstances to resort to covert methods. It argued that the "historical and scientific research purposes" provisions in Article 89 of the GDPR largely fail to address these difficulties and stressed the centrality of the protections for "academic expression" including alongside journalism in Article 89 which is correctly predicated on reconciling data protection with the fundamental right to freedom of expression.
See https://i4ada.org for additional information and videorecordings of the presentations held at the Hague Summit for Accountability in the Digital Age
EU General Data Protection Regulation & Transborder Information FlowDavid Erdos
These slides are based on the talk I gave to the Wisconsin International Law Journal's Annual Symposium "Stamping Privacy's Passport? The Role of International Law in Safeguarding Individual Privacy" (Wisconsin, USA; 8 April 2016). This talk argued that European data protection's formal understanding of transborder data flow regulation (TBDF) is not only potentially very broad but has not appropriately balanced data protection against other key rights such as freedom of information and association. Many of these existing structural difficulties are exacerbated under the newly agreed General Data Protection Regulation (GDPR). In order to better reconcile the values at stake, Data Protection Authorities (DPAs) should also develop models to "authorize" low-risk TBDFs via self-certification by data controllers themselves. Member States should also make broad use of the derogations the Regulation leaves available. More generally, a contextual, risk-based interpretation of the GPDR must be developed which seeks to provide robust privacy and other individual safeguards without putting in jeopardy Europe’s other core values and liberties.
The power of FOI generated stories and campaigns: Krisztina Zala, Atlatszo, H...mysociety
Presented at AlaveteliCon 2019 in Oslo. More details of the conference can be found here: https://www.mysociety.org/transparency/alaveteli/alavetelicon-2019/
The GDPR: What About Data Stored or Transmitted Outside the EU?TAG Alliances
The General Data Protection Regulation (GDPR): What About Data Stored or Transmitted Outside the EU? Written by: Rutger Ketting of Nysingh advocaten-notarissen N.V. (Apeldoorn, The Netherlands - TAGLaw).
A Dynamic Intelligent Policies Analysis Mechanism for Personal Data Processin...Konstantinos Demertzis
The evolution of the Internet of Things is significantly a
ected by legal restrictions imposed for personal data handling, such as the European General Data Protection Regulation (GDPR).
The main purpose of this regulation is to provide people in the digital age greater control over their personal data, with their freely given, specific, informed and unambiguous consent to collect and process the data concerning them. ADVOCATE is an advanced framework that fully complies with the requirements of GDPR, which, with the extensive use of blockchain and artificial intelligence technologies, aims to provide an environment that will support users in maintaining control of their personal data in the IoT ecosystem. This paper proposes and presents the Intelligent Policies Analysis Mechanism (IPAM) of the ADVOCATE framework, which, in an intelligent and fully automated manner, can identify conflicting rules or consents of the user, which may lead to the collection of personal data that can be used for profiling. In order to clearly identify and implement IPAM, the problem of recording user data from smart entertainment devices using Fuzzy Cognitive Maps (FCMs) was simulated. FCMs are an intelligent decision-making system that simulates the processes of a complex system, modeling the correlation base, knowing the behavioral and balance specialists of the system. Respectively, identifying conflicting rules that can lead to a profile, training is done using Extreme Learning Machines (ELMs), which are highly ecient neural systems of small and flexible architecture that can work optimally in complex environments.
My presentation at the IGov2 conference at the University of Oslo, 9 Sept 2014. Gave shorter version at Norwegian Board of Technology hearing on 10 Sept 2014. Related journal article at http://ijlit.oxfordjournals.org/content/early/2014/09/01/ijlit.eau007.abstract
Audio at http://www.jus.uio.no/ifp/english/research/projects/nrccl/internet-governance/events/dag-2-del-2-norrm-mp3.mp3
[CB20] Law Enforcement Access to Transborder Data: Global Reach of the Propos...CODE BLUE
The increasingly sophisticated realm of crime involves challenges related to digital evidence, and employing such evidence in court, as well as actors, actions, or substantial effects that are wholly or in some part located or have been carried out in different jurisdictions. Access to relevant evidence is essential both for the conviction of criminals and for the protection of those wrongly accused. However, due to the decentralised nature of cyberspace, the targeted evidence may be residing in multiple jurisdictions at once or it may be impossible to identify the location at all at a given time (e.g. in the case of cloud computing).
This presentation examines a range of traditional and novel tools aimed at ensuring law enforcement agencies’ cross-border access to evidence such as the Mutual Legal Assistance framework, and the initiatives in the European Union (notably the e-Evidence proposal), Council of Europe (the Budapest Convention) and in the United States. The discussion then moves on to relevant principles of international law such as territorial sovereignty, and seeks to examine the possible global reach and effect on other regions of the EU e-Evidence proposal.
Proposal for a Regulation establishing the interoperability of EU informatio...Thierry Debels
The lack of interoperability between EU information systems impedes the work of authorised users (border guards, law enforcement officers, immigration officers, visa officials or judicial authorities). The fragmented architecture of data management for security, border and migration management, where information is stored separately in unconnected systems, can also lead to blind spots with implications for the EU's internal security. External border controls on persons are not as effective as they should be, to enable effective management of migration and to contribute to internal security. This is evidenced by the ongoing irregular border crossings into the EU, and an evolving threat to internal security as demonstrated by a series of terrorist attacks.
In contemporary democratic societies, where technology is pervasive, the right to privacy remains a fundamental human right that pertains to an individual’s ability to keep their personal or identifiable information, activities, and private life free from unwanted intrusion or interference by public authorities except in accordance with law (Caprioli, et al., 2006).
IT law : the middle kingdom between east and WestLilian Edwards
Privacy as a value is often as conflicting with and less important than other major societal goals such as nation state secureity and business profits. China as a socialist state emerging a a major digital economuic force may fall prey to both these assumptions. However the recent history in the West shows that over zealous national secueity infringing citizen privacy, as revealed in the recent Snowden PRISM/TEMPORA etc scandals, may backlash against business profits as well as reducing citizen trust in security.China can learn from these lessons as it expands its own privacy law especially in the IT/telecoms area.
Presentation on EU Directives Impacting Cyber Security for Information Securi...Brian Honan
A presentation I gave at the Information Security Ireland event where I highlighted upcoming EU legislation that will impact how organisations should think about cyber security and opportunities for security companies to take advantage of
Environmental Protection Through E-Regulation: Critical and Empirical Perspec...Rónán Kennedy
Sometimes the most commonplace and uninteresting tools demand close attention because their mundane nature means that their role is misunderstood. The use of computer technology by government – specifically, by environmental regulators – is one such instance. Information and communications technology (ICT) is increasingly deployed in bureaucratic and regulatory processes throughout the developed world; as in commerce and industry, software code and databases are becoming the invisible ‘glue’ that interconnects the various actors in the regulatory system and weaves an invisible web of control between decision-makers, regulated entities and ordinary citizens. Nonetheless, this topic has received only disconnected academic attention, perhaps because there is little that seems intrinsically interesting about a database.
The issues which ICT raises are not always obvious but nonetheless significant if we are to make the best use of these new tools without unwittingly sacrificing important principles. There is now a substantial body of literature on regulation and ICT. However, this focuses on either ‘information’ or ‘communications’, rarely on both together or on the use of ICT for regulation rather than something to be regulated. There are few theoretical or practical perspectives on the role of ICT in environmental regulation. This paper applies both in combination, developing a values-based, analytical and empirically grounded framework in order to contextualise the use of ICT as a regulatory tool.
The ever-increasing deployment of ICT in homes and offices, the built environment and the world at large creates significant opportunities for achieving better environmental outcomes but this new and poorly-understood development also raises questions about the proper operation of the rule of law by an increasingly computerised state. This research explores how the widespread implementation of ICT is altering power relationships in the system of environmental regulation. It asks to what extent this new capability of large-scale information capture leads to more or less control on the part of regulators, whether existing balances and imbalances of power are altered by these new tools (even when they are seen as neutral) and what happens when the ‘glue’ hardens and installed technology makes policy change difficult.
The paper critically reviews the operation of the rule of law in digitised government. It combines theoretical perspectives from sociology, chiefly actor-network theory, with insights from semi-structured interviews with staff in regulatory agencies, non-governmental agencies and regulated entities, to build a thematic network model of how the use of ICT for information-gathering, as a means of control and as a conduit for communications is perceived by practitioners of environmental regulation. It uses this to sketch the contours of a new field of study, ‘e-regulation’, centred around the core values of the
The protection of the right to be forgotten: lessons and perspectives from Op...Alessandro Mantelero
The presentation revolves around the following main topics:
I. The protection of personal information in the open data context
II. The right to be forgotten and the future EU data protection regulation (GDPR)
III. The right to be forgotten in the existing legal framework
Similar to Communications data retention in an evolving Internet (20)
Should the European Union require the largest social networking services (like Facebook, Instagram and Twitter) to be interoperable with competitors? I explain why and how they should. Originally presented to the European Parliament’s Digital Markets Act working group of MEPs and staff in Brussels, on 24/5/23
Lessons for interoperability remedies from UK Open Bankingblogzilla
The UK’s Open Banking programme is a world-leading experiment in requiring banks to open up customer accounts (with their explicit consent) to third-party providers. What lessons can be learnt from this case for legislation that would require dominant platforms to provide similar functionality?
Introduction to Cybersecurity for Electionsblogzilla
Slides for a 15-minute introduction to Cybersecurity for Elections: A Commonwealth Guide on Best Practice, by Ian Brown, Chris Marsden, James Lee and Michael Veale, published 5 Mar 2020
A basic cybersecurity introduction for managers, explaining how they and their organisation can guard against common types of attacks, based on the UK National Cyber Security Centre’s Cyber Essentials programme
Where next for the Regulation of Investigatory Powers Act?blogzilla
Talk at Open Tech 2015 on legal reform of UK interception and surveillance laws, including a comparison of the Intelligence and Security Committee and David Anderson reports.
My presentation at the Tunis Online Freedom Conference, 17 June 2013. Updated for Asia Privacy Scholars Network conference, 9 July 2013, Hong Kong University, and significantly updated for the SCL Policy Forum, 12 Sep 2013, and presentations at Deutsche Bank and Amberhawk (May 2014)
Search and Society: Reimagining Information Access for Radical FuturesBhaskar Mitra
The field of Information retrieval (IR) is currently undergoing a transformative shift, at least partly due to the emerging applications of generative AI to information access. In this talk, we will deliberate on the sociotechnical implications of generative AI for information access. We will argue that there is both a critical necessity and an exciting opportunity for the IR community to re-center our research agendas on societal needs while dismantling the artificial separation between the work on fairness, accountability, transparency, and ethics in IR and the rest of IR research. Instead of adopting a reactionary strategy of trying to mitigate potential social harms from emerging technologies, the community should aim to proactively set the research agenda for the kinds of systems we should build inspired by diverse explicitly stated sociotechnical imaginaries. The sociotechnical imaginaries that underpin the design and development of information access technologies needs to be explicitly articulated, and we need to develop theories of change in context of these diverse perspectives. Our guiding future imaginaries must be informed by other academic fields, such as democratic theory and critical theory, and should be co-developed with social science scholars, legal scholars, civil rights and social justice activists, and artists, among others.
Slack (or Teams) Automation for Bonterra Impact Management (fka Social Soluti...Jeffrey Haguewood
Sidekick Solutions uses Bonterra Impact Management (fka Social Solutions Apricot) and automation solutions to integrate data for business workflows.
We believe integration and automation are essential to user experience and the promise of efficient work through technology. Automation is the critical ingredient to realizing that full vision. We develop integration products and services for Bonterra Case Management software to support the deployment of automations for a variety of use cases.
This video focuses on the notifications, alerts, and approval requests using Slack for Bonterra Impact Management. The solutions covered in this webinar can also be deployed for Microsoft Teams.
Interested in deploying notification automations for Bonterra Impact Management? Contact us at sales@sidekicksolutionsllc.com to discuss next steps.
JMeter webinar - integration with InfluxDB and GrafanaRTTS
Watch this recorded webinar about real-time monitoring of application performance. See how to integrate Apache JMeter, the open-source leader in performance testing, with InfluxDB, the open-source time-series database, and Grafana, the open-source analytics and visualization application.
In this webinar, we will review the benefits of leveraging InfluxDB and Grafana when executing load tests and demonstrate how these tools are used to visualize performance metrics.
Length: 30 minutes
Session Overview
-------------------------------------------
During this webinar, we will cover the following topics while demonstrating the integrations of JMeter, InfluxDB and Grafana:
- What out-of-the-box solutions are available for real-time monitoring JMeter tests?
- What are the benefits of integrating InfluxDB and Grafana into the load testing stack?
- Which features are provided by Grafana?
- Demonstration of InfluxDB and Grafana using a practice web application
To view the webinar recording, go to:
https://www.rttsweb.com/jmeter-integration-webinar
Accelerate your Kubernetes clusters with Varnish CachingThijs Feryn
A presentation about the usage and availability of Varnish on Kubernetes. This talk explores the capabilities of Varnish caching and shows how to use the Varnish Helm chart to deploy it to Kubernetes.
This presentation was delivered at K8SUG Singapore. See https://feryn.eu/presentations/accelerate-your-kubernetes-clusters-with-varnish-caching-k8sug-singapore-28-2024 for more details.
PHP Frameworks: I want to break free (IPC Berlin 2024)Ralf Eggert
In this presentation, we examine the challenges and limitations of relying too heavily on PHP frameworks in web development. We discuss the history of PHP and its frameworks to understand how this dependence has evolved. The focus will be on providing concrete tips and strategies to reduce reliance on these frameworks, based on real-world examples and practical considerations. The goal is to equip developers with the skills and knowledge to create more flexible and future-proof web applications. We'll explore the importance of maintaining autonomy in a rapidly changing tech landscape and how to make informed decisions in PHP development.
This talk is aimed at encouraging a more independent approach to using PHP frameworks, moving towards a more flexible and future-proof approach to PHP development.
Dev Dives: Train smarter, not harder – active learning and UiPath LLMs for do...UiPathCommunity
💥 Speed, accuracy, and scaling – discover the superpowers of GenAI in action with UiPath Document Understanding and Communications Mining™:
See how to accelerate model training and optimize model performance with active learning
Learn about the latest enhancements to out-of-the-box document processing – with little to no training required
Get an exclusive demo of the new family of UiPath LLMs – GenAI models specialized for processing different types of documents and messages
This is a hands-on session specifically designed for automation developers and AI enthusiasts seeking to enhance their knowledge in leveraging the latest intelligent document processing capabilities offered by UiPath.
Speakers:
👨🏫 Andras Palfi, Senior Product Manager, UiPath
👩🏫 Lenka Dulovicova, Product Program Manager, UiPath
DevOps and Testing slides at DASA ConnectKari Kakkonen
My and Rik Marselis slides at 30.5.2024 DASA Connect conference. We discuss about what is testing, then what is agile testing and finally what is Testing in DevOps. Finally we had lovely workshop with the participants trying to find out different ways to think about quality and testing in different parts of the DevOps infinity loop.
"Impact of front-end architecture on development cost", Viktor TurskyiFwdays
I have heard many times that architecture is not important for the front-end. Also, many times I have seen how developers implement features on the front-end just following the standard rules for a framework and think that this is enough to successfully launch the project, and then the project fails. How to prevent this and what approach to choose? I have launched dozens of complex projects and during the talk we will analyze which approaches have worked for me and which have not.
2. Outline How are communications data retention and access powers being used? Are they proportionate? How are changing patterns of Internet usage and surveillance affecting data retention? How should data retention requirements be updated to meet law enforcement needs and protect privacy?
3. Comms data requests/m people Data: European Commission review of Data Retention Directive; IMF World Economic Outlook
4. Proportionality of retaining data “The decision to retain communication data for the purpose of combating serious crime is an unprecedented one with a historical dimension. It encroaches into the daily life of every citizen and may endanger the fundamental values and freedoms all European citizens enjoy and cherish.” –Article 29 WP Opinion 3/2006 “[70%] of all data are use within 0-3 months … and [85%] within 0-6 months” (EC review)
5. Recent court decisions Bulgarian Supreme Administrative Court blocked remote Ministry of Interior access to data and security service access without a court order (11 Dec 2008) “the obligation to retain the data … as an exception or a derogation from the principle of personal data protection … empties, through its nature, length and application domain, the content of this principle” –Romanian Constitutional Court, 8 Oct 2009 “Given the rapid advance of current technology it is of great importance to define the legitimate legal limits of modern surveillance techniques used by governments… without sufficient legal safeguards the potential for abuse and unwarranted invasion of privacy is obvious” –Irish High Court, 5 May 2010
7. Dragnet surveillance Hepting v. AT&T and Jewel v. NSA plaintiffs alleged Narus DPI equipment installed in San Francisco, Seattle, San Jose, Los Angeles and San Diego, and NSA given access to Daytona 300+ terabyte database of comms data UK Intercept Modernisation Programme and GCHQ “Mastering the Internet” contract
8.
9. Efficacy of data mining ~5000 Americans surveilled over 4 years; led to <10 warrants per year “[T]here is not a consensus within the relevant scientific community nor on the committee regarding whether any behavioral surveillance … techniques are ready for use at all in the counterterrorist context" –US National Research Council (2008) p.4
10. Ways forward Update Data Retention Directive: Retain only subscriber data? Set 6 months as retention period? Impose BVFG conditions? Repeal entirely? Implement Cybercrime Convention: Art. 16(1) “Each Party shall adopt such legislative and other measures as may be necessary to enable its competent authorities to order or similarly obtain the expeditious preservation of specified computer data, including traffic data”
Editor's Notes
Data: European Commission evaluation of data retention directive p.33; IMF World Economic Outlook 2009 population figures for 2008